Q2 Ransom Payment Amounts Decline as Ransomware becomes a National Security Priority

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

Table of Contents

Average Ransom Payment

Data Exfiltration

Types of Ransomware

Attack Vectors

Companies Targeted

Costs of Attacks

If you had told us at the beginning of 2021 that then President elect Biden would be having a nose to nose face off with Putin over ransomware, we would have speculated that some serious escalation must have occurred. In reality, the lackadaisical indifference of one threat actor (DarkSide) set off a compounding series of events that have led us to where we are today. Given the volume of attacks that Ransomware-as-a-service (RaaS) groups conduct, and the de minimis diligence that these groups perform, we are quite certain that the DarkSide affiliate that attacked Colonial Pipeline, had no idea that a) Colonial controlled 45% of the gasoline supply on the US east coast, b) that shutting down that pipeline would cause a consumer run on gasoline, c) that NOTHING gets voters and their duly elected representatives out of their chairs like rising gasoline prices, and finally d) that if you mess with US gasoline prices, you are going to get the attention of the President. Other high profile attacks that would have otherwise garnered 12 hours of media attention were (FINALLY) codified proof that the US indeed has a major problem with ransomware. 

In reality, the volume and severity of ransomware attacks have been extreme but relatively stable for at least 18 months.  The focus and attention could not come at a better time, and the true scope of what US organizations and enterprises are up against may still not be fully appreciated. Ransomware groups now have operating budgets that may rival small nations themselves. For context, in late June, FBI Director Christopher Wray requested an additional $40 million for the FBI’s cybersecurity budget. Coveware estimates that REvil alone may have collected close to $100 million in ransom payments in just the first 6 months of 2021. And that is one group. A note to anyone in Congress reading this, please add at least one zero to Director Wray’s requested cyber budget. What will these groups do with these war chests? So far, we are seeing signs that some groups are moving up market and purchasing more expensive…